Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-02-2014 01
Ran by Klaudia (administrator) on KLAUDIA-PC on 26-02-2014 16:29:36
Running from C:\Users\Klaudia\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
OS Language: Polish
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Hewlett-Packard Corporation) C:\Windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\Windows\system32\vfsFPService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
() C:\Users\Klaudia\AppData\Local\fst_pl_41\upfst_pl_41.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
() C:\Program Files\FindRight\updateFindRight.exe
() C:\Program Files\FindRight\FindRight.FirstRun.exe
(The Audacity Team) C:\Program Files\Audacity\audacity.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
() C:\Program Files\FindRight\bin\utilFindRight.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\winzipersvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1316136 2008-06-20] (Synaptics, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [446556 2008-09-11] (IDT, Inc.)
HKLM\...\Run: [TSMAgent] - C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136 2008-12-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer for HP TouchSmart] - C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-25] (CyberLink)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2008-11-14] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-26] (CyberLink Corp.)
HKLM\...\Run: [DpAgent] - C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2008-12-10] (DigitalPersona, Inc.)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-10] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UpdatePDIRShortCut] - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Runonce: [Discount Dragon-repairJob] - wscript.exe "C:\Users\Klaudia\AppData\Local\Discount Dragon\repair.js" "Discount Dragon-repairJob"
HKLM\...\RunOnce: [upfst_pl_41.exe] - C:\Users\Klaudia\AppData\Local\fst_pl_41\upfst_pl_41.exe -runonce [3154416 2014-01-27] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\Users\Klaudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sticky Notes.lnk
ShortcutTarget: Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST9160310AS_5SV4QZWC&ts=1393425915
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST9160310AS_5SV4QZWC&ts=1393425915
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST9160310AS_5SV4QZWC&ts=1393425915&type=default&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=ST9160310AS_5SV4QZWC&ts=1393425915&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST9160310AS_5SV4QZWC&ts=1393425915
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=hp&from=wpm0226&uid=ST9160310AS_5SV4QZWC&ts=1393425915
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1391677571&from=tt4u&uid=ST9160310AS_5SV4QZWC&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391677571&from=tt4u&uid=ST9160310AS_5SV4QZWC&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1391677571&from=tt4u&uid=ST9160310AS_5SV4QZWC
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {E64D9622-0737-4057-8227-8F54F970F5CE} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {E64D9622-0737-4057-8227-8F54F970F5CE} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: FindRight - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files\FindRight\FindRightBHO.dll (FindRight)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
BHO: No Name - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll (AOL LLC)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

Chrome:
=======
CHR HomePage: hxxp://www.google.pl/
CHR Extension: (Dokumenty Google) - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-12]
CHR Extension: (Dysk Google) - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-12]
CHR Extension: (YouTube) - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-12]
CHR Extension: (Adblock Plus) - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-11-12]
CHR Extension: (Szukaj w Google) - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-12]
CHR Extension: (Lightning Newtab) - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2014-02-26]
CHR Extension: (Google Wallet) - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12]
CHR Extension: (Extended Protection) - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-02-26]
CHR Extension: (Gmail) - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-12]
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-02-26]
CHR HKLM\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-02-26]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=sc&from=wpm0226&uid=ST9160310AS_5SV4QZWC&ts=1393425915

========================== Services (Whitelisted) =================

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [117648 2011-09-22] (Symantec Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 TVCapSvc; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-11-26] ()
R2 TVSched; C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-11-26] ()
R2 Update FindRight; C:\Program Files\FindRight\updateFindRight.exe [111904 2014-02-26] ()
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
R2 Util FindRight; C:\Program Files\FindRight\bin\utilFindRight.exe [111904 2014-02-26] ()
R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [425104 2014-02-26] (Taiwan Shui Mu Chih Ching Technology Limited.)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-02-26] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\Windows\System32\Drivers\NIS\1008030.006\BHDrvx86.sys [259632 2010-01-20] (Symantec Corporation)
R1 ccHP; C:\Windows\System32\Drivers\NIS\1008030.006\ccHPx86.sys [467592 2013-11-13] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-19] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-19] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20140108.001\IDSvix86.sys [394456 2013-12-12] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1008030.006\SRTSP.SYS [308272 2010-01-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1008030.006\SRTSPX.SYS [43696 2010-01-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1008030.006\SYMEFA.SYS [310320 2010-01-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2013-11-12] (Symantec Corporation)
S3 SYMFW; C:\Windows\System32\Drivers\NIS\1008030.006\SYMFW.SYS [89976 2011-09-22] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [25648 2010-01-20] (Symantec Corporation)
S3 SYMNDISV; C:\Windows\System32\Drivers\NIS\1008030.006\SYMNDISV.SYS [48760 2011-09-22] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\NIS\1008030.006\SYMTDI.SYS [217464 2011-09-22] (Symantec Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20140108.023\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20140108.023\NAVEX15.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SYMDNS; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS [X]
S3 SYMREDRV; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-26 16:29 - 2014-02-26 16:29 - 00019049 _____ () C:\Users\Klaudia\Downloads\FRST.txt
2014-02-26 16:26 - 2014-02-26 16:29 - 00000000 ____D () C:\FRST
2014-02-26 16:26 - 2014-02-26 16:26 - 01143808 _____ (Farbar) C:\Users\Klaudia\Downloads\FRST.exe
2014-02-26 16:24 - 2014-02-26 16:24 - 00688992 _____ (Swearware) C:\Users\Klaudia\Downloads\dds.com
2014-02-26 16:23 - 2014-02-26 16:23 - 00000000 ____D () C:\Users\Klaudia\Desktop\logi
2014-02-26 16:11 - 2014-02-26 16:12 - 00602112 _____ (OldTimer Tools) C:\Users\Klaudia\Downloads\OTL (1).exe
2014-02-26 16:11 - 2014-02-26 16:11 - 00602112 _____ (OldTimer Tools) C:\Users\Klaudia\Downloads\OTL.exe
2014-02-26 15:46 - 2014-02-26 15:46 - 00773776 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-02-26 15:46 - 2014-02-26 15:46 - 00421008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-02-26 15:46 - 2014-02-26 15:46 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\WinZipper
2014-02-26 15:46 - 2014-02-26 15:46 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\SupTab
2014-02-26 15:46 - 2014-02-26 15:46 - 00000000 ____D () C:\Program Files\WinZipper
2014-02-26 12:37 - 2014-02-26 12:39 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\Audacity
2014-02-26 12:37 - 2014-02-26 12:37 - 00000804 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-02-26 12:37 - 2014-02-26 12:37 - 00000000 ____D () C:\Program Files\Audacity
2014-02-26 12:34 - 2014-02-26 13:38 - 00000000 ____D () C:\Program Files\FindRight
2014-02-26 12:34 - 2014-02-26 12:34 - 22180353 _____ (Audacity Team ) C:\Users\Klaudia\Downloads\audacity-win-2.0.5.exe
2014-02-26 12:33 - 2014-02-26 12:33 - 00673248 _____ ( ) C:\Users\Klaudia\Downloads\Audacity(11826).exe
2014-02-18 14:03 - 2014-02-26 13:14 - 00001286 _____ () C:\Windows\setupact.log
2014-02-18 14:03 - 2014-02-18 14:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-07 13:36 - 2014-02-07 13:37 - 00000000 ____D () C:\Program Files\Cling Clang
2014-02-06 10:08 - 2014-02-06 10:08 - 00000000 ____D () C:\Users\Klaudia\AppData\Local\BenchUpdater
2014-02-06 10:07 - 2014-02-26 15:45 - 00000000 ____D () C:\ProgramData\WPM
2014-02-06 10:07 - 2014-02-06 10:07 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-06 10:07 - 2014-02-06 10:07 - 00000000 ____D () C:\Program Files\SupTab
2014-02-06 10:06 - 2014-02-26 14:21 - 00000336 _____ () C:\Windows\Tasks\bench-S-1-5-21-153922561-2302829751-298388780-1000.job
2014-02-06 10:06 - 2014-02-06 10:38 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\awesomehp
2014-02-06 10:06 - 2014-02-06 10:06 - 00000266 __RSH () C:\ProgramData\ntuser.pol
2014-02-06 10:05 - 2014-02-26 15:00 - 00000336 _____ () C:\Windows\Tasks\bench-sys.job
2014-02-06 10:04 - 2014-02-06 10:08 - 00000000 ____D () C:\Users\Klaudia\AppData\Local\Discount Dragon
2014-02-06 10:04 - 2014-02-06 10:06 - 00000000 ____D () C:\Program Files\Bench
2014-02-03 20:32 - 2014-02-18 09:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-03 20:32 - 2014-02-03 20:32 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-03 20:31 - 2014-02-03 20:32 - 04721144 _____ (Piriform Ltd) C:\Users\Klaudia\Downloads\ccsetup410pro.exe
2014-02-03 20:00 - 2014-02-03 20:00 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\Malwarebytes
2014-02-03 19:59 - 2014-02-03 19:59 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-03 19:59 - 2014-02-03 19:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 19:59 - 2014-02-03 19:59 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-03 19:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-03 19:57 - 2014-02-03 19:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Klaudia\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-03 19:23 - 2014-02-06 10:11 - 00000000 ____D () C:\AdwCleaner
2014-02-03 19:23 - 2014-02-03 19:23 - 01166132 _____ () C:\Users\Klaudia\Downloads\adwcleaner.pl 3.018.exe
2014-02-03 19:00 - 2014-02-26 16:23 - 00000000 ____D () C:\Users\Klaudia\AppData\Local\fst_pl_41
2014-02-03 19:00 - 2014-02-03 20:22 - 00000000 ____D () C:\Program Files\fst_pl_41
2014-02-03 19:00 - 2014-02-03 19:00 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-02-03 18:58 - 2014-02-03 18:58 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\DAEMON Tools Ultra
2014-02-03 18:58 - 2014-02-03 18:58 - 00000000 ____D () C:\ProgramData\DAEMON Tools Ultra
2014-01-29 17:16 - 2014-01-29 17:16 - 00000000 _____ () C:\Users\Klaudia\AppData\Local\FnF4.txt
2014-01-28 13:57 - 2014-01-28 13:57 - 00000000 ____D () C:\Users\Public\CyberLink
2014-01-28 13:57 - 2014-01-28 13:57 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\CyberLink
2014-01-28 00:32 - 2014-01-28 00:32 - 00260608 _____ () C:\Users\Klaudia\Downloads\innowacje2013-2014.xls
2014-01-27 22:14 - 2014-02-06 10:08 - 00000000 ____D () C:\Windows\Minidump

==================== One Month Modified Files and Folders =======

2014-02-26 16:29 - 2014-02-26 16:29 - 00019049 _____ () C:\Users\Klaudia\Downloads\FRST.txt
2014-02-26 16:29 - 2014-02-26 16:26 - 00000000 ____D () C:\FRST
2014-02-26 16:26 - 2014-02-26 16:26 - 01143808 _____ (Farbar) C:\Users\Klaudia\Downloads\FRST.exe
2014-02-26 16:24 - 2014-02-26 16:24 - 00688992 _____ (Swearware) C:\Users\Klaudia\Downloads\dds.com
2014-02-26 16:23 - 2014-02-26 16:23 - 00000000 ____D () C:\Users\Klaudia\Desktop\logi
2014-02-26 16:23 - 2014-02-03 19:00 - 00000000 ____D () C:\Users\Klaudia\AppData\Local\fst_pl_41
2014-02-26 16:14 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 16:14 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 16:12 - 2014-02-26 16:11 - 00602112 _____ (OldTimer Tools) C:\Users\Klaudia\Downloads\OTL (1).exe
2014-02-26 16:11 - 2014-02-26 16:11 - 00602112 _____ (OldTimer Tools) C:\Users\Klaudia\Downloads\OTL.exe
2014-02-26 15:46 - 2014-02-26 15:46 - 00773776 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-02-26 15:46 - 2014-02-26 15:46 - 00421008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-02-26 15:46 - 2014-02-26 15:46 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\WinZipper
2014-02-26 15:46 - 2014-02-26 15:46 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\SupTab
2014-02-26 15:46 - 2014-02-26 15:46 - 00000000 ____D () C:\Program Files\WinZipper
2014-02-26 15:45 - 2014-02-06 10:07 - 00000000 ____D () C:\ProgramData\WPM
2014-02-26 15:45 - 2013-11-12 00:19 - 00002277 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-26 15:45 - 2013-11-11 23:58 - 00001249 _____ () C:\Users\Klaudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-26 15:42 - 2013-11-12 00:17 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-26 15:25 - 2013-11-13 16:56 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-02-26 15:00 - 2014-02-06 10:05 - 00000336 _____ () C:\Windows\Tasks\bench-sys.job
2014-02-26 14:21 - 2014-02-06 10:06 - 00000336 _____ () C:\Windows\Tasks\bench-S-1-5-21-153922561-2302829751-298388780-1000.job
2014-02-26 13:38 - 2014-02-26 12:34 - 00000000 ____D () C:\Program Files\FindRight
2014-02-26 13:18 - 2009-02-25 12:33 - 00662056 _____ () C:\Windows\system32\perfh015.dat
2014-02-26 13:18 - 2009-02-25 12:33 - 00126908 _____ () C:\Windows\system32\perfc015.dat
2014-02-26 13:18 - 2006-11-02 11:33 - 01468980 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 13:16 - 2013-11-11 22:50 - 01178437 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 13:14 - 2014-02-18 14:03 - 00001286 _____ () C:\Windows\setupact.log
2014-02-26 12:39 - 2014-02-26 12:37 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\Audacity
2014-02-26 12:37 - 2014-02-26 12:37 - 00000804 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-02-26 12:37 - 2014-02-26 12:37 - 00000000 ____D () C:\Program Files\Audacity
2014-02-26 12:34 - 2014-02-26 12:34 - 22180353 _____ (Audacity Team ) C:\Users\Klaudia\Downloads\audacity-win-2.0.5.exe
2014-02-26 12:33 - 2014-02-26 12:33 - 00673248 _____ ( ) C:\Users\Klaudia\Downloads\Audacity(11826).exe
2014-02-26 12:16 - 2013-11-12 00:17 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-26 12:14 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-24 23:35 - 2006-11-02 14:01 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-24 23:34 - 2013-11-11 22:50 - 00001076 _____ () C:\Windows\bthservsdp.dat
2014-02-18 14:03 - 2014-02-18 14:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-18 09:51 - 2014-02-03 20:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-07 13:37 - 2014-02-07 13:36 - 00000000 ____D () C:\Program Files\Cling Clang
2014-02-06 10:39 - 2013-11-11 23:45 - 00000000 ____D () C:\Users\Klaudia
2014-02-06 10:38 - 2014-02-06 10:06 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\awesomehp
2014-02-06 10:11 - 2014-02-03 19:23 - 00000000 ____D () C:\AdwCleaner
2014-02-06 10:08 - 2014-02-06 10:08 - 00000000 ____D () C:\Users\Klaudia\AppData\Local\BenchUpdater
2014-02-06 10:08 - 2014-02-06 10:04 - 00000000 ____D () C:\Users\Klaudia\AppData\Local\Discount Dragon
2014-02-06 10:08 - 2014-01-27 22:14 - 00000000 ____D () C:\Windows\Minidump
2014-02-06 10:08 - 2009-02-25 12:34 - 00000000 ____D () C:\Windows\panther
2014-02-06 10:07 - 2014-02-06 10:07 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-06 10:07 - 2014-02-06 10:07 - 00000000 ____D () C:\Program Files\SupTab
2014-02-06 10:06 - 2014-02-06 10:06 - 00000266 __RSH () C:\ProgramData\ntuser.pol
2014-02-06 10:06 - 2014-02-06 10:04 - 00000000 ____D () C:\Program Files\Bench
2014-02-06 10:06 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-05 12:32 - 2013-11-11 23:34 - 00000000 ____D () C:\Windows\DPDrv
2014-02-05 12:11 - 2014-01-01 19:41 - 00000000 ____D () C:\Program Files\Mobogenie
2014-02-04 09:31 - 2013-11-11 23:59 - 00092880 _____ () C:\Users\Klaudia\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-04 09:29 - 2006-11-02 13:47 - 00351472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-03 20:32 - 2014-02-03 20:32 - 00000804 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-03 20:32 - 2014-02-03 20:31 - 04721144 _____ (Piriform Ltd) C:\Users\Klaudia\Downloads\ccsetup410pro.exe
2014-02-03 20:22 - 2014-02-03 19:00 - 00000000 ____D () C:\Program Files\fst_pl_41
2014-02-03 20:17 - 2014-01-01 19:44 - 00000000 ____D () C:\Users\Klaudia\AppData\Local\genienext
2014-02-03 20:00 - 2014-02-03 20:00 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\Malwarebytes
2014-02-03 19:59 - 2014-02-03 19:59 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-03 19:59 - 2014-02-03 19:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 19:59 - 2014-02-03 19:59 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-03 19:57 - 2014-02-03 19:57 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Klaudia\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-03 19:23 - 2014-02-03 19:23 - 01166132 _____ () C:\Users\Klaudia\Downloads\adwcleaner.pl 3.018.exe
2014-02-03 19:00 - 2014-02-03 19:00 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-02-03 18:58 - 2014-02-03 18:58 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\DAEMON Tools Ultra
2014-02-03 18:58 - 2014-02-03 18:58 - 00000000 ____D () C:\ProgramData\DAEMON Tools Ultra
2014-01-29 17:16 - 2014-01-29 17:16 - 00000000 _____ () C:\Users\Klaudia\AppData\Local\FnF4.txt
2014-01-28 13:57 - 2014-01-28 13:57 - 00000000 ____D () C:\Users\Public\CyberLink
2014-01-28 13:57 - 2014-01-28 13:57 - 00000000 ____D () C:\Users\Klaudia\AppData\Roaming\CyberLink
2014-01-28 13:57 - 2009-02-25 05:50 - 00000000 ____D () C:\ProgramData\CyberLink
2014-01-28 13:57 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-01-28 00:32 - 2014-01-28 00:32 - 00260608 _____ () C:\Users\Klaudia\Downloads\innowacje2013-2014.xls
2014-01-27 22:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-01-27 22:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-01-27 22:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-01-27 22:12 - 2006-11-02 11:22 - 36962304 _____ () C:\Windows\system32\config\software_previous
2014-01-27 22:11 - 2006-11-02 11:22 - 17039360 _____ () C:\Windows\system32\config\system_previous
2014-01-27 21:36 - 2006-11-02 11:22 - 34603008 _____ () C:\Windows\system32\config\components_previous
2014-01-27 21:36 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-01-27 17:54 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-01-27 16:56 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous

Some content of TEMP:
====================
C:\Users\Klaudia\AppData\Local\Temp\HPQSi.exe
C:\Users\Klaudia\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-26 12:21

==================== End Of Log ============================